Internet Security Discussion August 22, 2019 05:11PM
Quote
With all due respect to your talents and wisdom, I can’t recommend opening port 80 to the outside on the type of router presently installed. I am not sure if you are aware of just how bad the internet is currently, but I can tell you that within an hour of opening that port there will be between 10 and 50 attempts to break in every hour thereafter and the chances of them succeeding are pretty strongly in favor of the bad guys. My SonicWall registers as many as 5 - 10 port scans a minute and the bad guys will pounce on an open port to a Windows-based version of Apache like hawks on a rat.
Even if you do everything right and implement it exactly as recommended, the odds are likely only about 2 / 10 that you could make it a year without being clobbered unless protected by a firewall.
There are currently new vulnerabilities discovered every couple of weeks and that means failure to regularly update makes you vulnerable. We simply don’t have the resources or hardened operating systems to cope with this level of attack vectors.
Your system would be fine accessed via a VPN but an almost sure compromise if allowed via an open port 80 on a consumer-level router. Windows servers are not very strong by internet standards and port 80 is the center of the bull's-eye for hacking remote systems. An interested attacker can almost immediately get what version of Apache you are running and the base OS that is hosting it. As soon as they see Windows Server the race is on to crack it and take over the server.
What kind of mobile devices are you using? Chances are if they are Apple or Android they will support SonicWall SSL VPN, and that would be a lot better way to access your portal.
Quote
More discouraging news there as well… changing the port means that someone would need to be more interested, but if the port is open they will very shortly determine that it’s an Apache server running on Windows and then the race will be on to crack it. Modern blackhat port scanners can do some pretty amazing port diagnostics. They can identify the server version, possible exploit vectors and check for patch levels that might allow an attack. They can fingerprint the server in less than a minute in most cases and produce a report that helps a lot in determining what exploits to use to gain root access. Where it's running on the PDC any break to root gives them unlimited attack access to start stealing or encrypting.
Less dangerous than FTP, but unless it's running on a separate PC in a DMZ it's too likely to be cracked IMHO.
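
The quoted posts say an outside party can quickly learn the Apache version and the host OS. As an added example (not part of the original posts), this sketch audits what a server's own `Server` response header discloses; the function name and the sample header values are constructed for illustration.

```python
import re

# A Server header is a list of "product/version" tokens plus parenthesised
# comments, e.g. "Apache/2.4.41 (Win64) OpenSSL/1.1.1c".
PRODUCT = re.compile(r"([\w.+-]+)(?:/([^\s()]+))?")
COMMENT = re.compile(r"\(([^()]*)\)")
OS_HINTS = ("win32", "win64", "windows", "ubuntu", "debian", "centos", "unix")

def audit_server_header(value):
    """Report what one Server header value tells every client (hypothetical helper)."""
    comments = COMMENT.findall(value)
    # Remove the comments first so their contents are not parsed as products.
    products = PRODUCT.findall(COMMENT.sub(" ", value))
    versions = {name: ver for name, ver in products if ver}
    os_hints = [c for c in comments if any(h in c.lower() for h in OS_HINTS)]
    findings = [f"version disclosed: {n} {v}" for n, v in versions.items()]
    findings += [f"host OS disclosed: {c}" for c in os_hints]
    return {
        "products": [name for name, _ in products],
        "versions": versions,
        "os_hints": os_hints,
        "findings": findings,
    }

# Constructed sample values, not captured from any real system.
VERBOSE_BANNER = "Apache/2.4.41 (Win64) OpenSSL/1.1.1c PHP/7.3.9"
MINIMAL_BANNER = "Apache"  # what Apache sends with "ServerTokens Prod"

if __name__ == "__main__":
    for banner in (VERBOSE_BANNER, MINIMAL_BANNER):
        result = audit_server_header(banner)
        print(banner, "->", result["findings"] or "no version or OS disclosed")
```

A minimal banner only removes the self-reported part; as the second post notes, scanners can fingerprint a server by other means, so this check does not replace the VPN or DMZ placement recommended above.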